Latest vulnerabilities in the database


Application Integrity compromise Score: 1 / 4
2018-07-16
CERTFR-2018-AVI-324 Multiple vulnerabilities have been discovered in Apple Wi-Fi Update for Boot Camp. They allow an attacker to cause a data integrity breach and a data confidentiality breach.

Application Denial of service Score: 2 / 4
2018-07-16
CERTFR-2018-AVI-308 Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause a denial of service, a data integrity breach and a data confidentiality breach.

Application Information Score: 3 / 4
2018-07-16
CVE-2018-1000615 ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (service crash) vulnerability in the OVSDB component of ONOS: an adversary can remotely crash the OVSDB service of the ONOS controller via a normal switch. This attack appears to be exploitable if the attacker is able to control or forge a switch in the network. (CVSS:0.0) (Last Update:2018-07-09)

Application Denial of service Score: 3 / 4
2018-07-16
CERTFR-2018-AVI-323 A vulnerability has been discovered in VideoLAN VLC. It allows an attacker to cause remote arbitrary code execution and a remote denial of service.

Application Remote execution Score: 3 / 4
2018-07-16
CERTFR-2018-AVI-307 Multiple vulnerabilities have been discovered in Joomla!. They allow an attacker to cause a security policy bypass and remote cross-site scripting (XSS).

Application Information Score: 3 / 4
2018-07-16
CVE-2018-1000614 ONOS ONOS Controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java: an adversary can remotely launch advanced XXE attacks on the ONOS controller without authentication. This attack appears to be exploitable via a crafted protocol message. (CVSS:0.0) (Last Update:2018-07-09)

Application Integrity compromise Score: 3 / 4
2018-07-16
CERTFR-2018-AVI-322 Multiple vulnerabilities have been discovered in Mozilla Thunderbird. They allow an attacker to cause remote arbitrary code execution, a data confidentiality breach and cross-site request forgery (CSRF).

Application Denial of service Score: 2 / 4
2018-07-16
CERTFR-2018-AVI-306 Multiple vulnerabilities have been discovered in the RedHat Linux kernel. They allow an attacker to cause a denial of service and a data confidentiality breach.

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000613 Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs prior to version 1.60 contain a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization: deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appears to be exploitable via a handcrafted private key that includes references to unexpected classes, which will be picked up from the class path of the executing application. This vulnerability appears to have been fixed in 1.60 and later. (CVSS:0.0) (Last Update:2018-07-09)

Application Denial of service Score: 3 / 4
2018-07-16
CERTFR-2018-AVI-321 Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause arbitrary code execution, a remote denial of service and a data confidentiality breach.

Application Remote execution Score: 3 / 4
2018-07-16
CERTFR-2018-AVI-305 Multiple vulnerabilities have been discovered in Siemens SCADA products. They allow an attacker to cause remote arbitrary code execution and a data confidentiality breach.

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000611 SURFnet OpenConext EngineBlock versions 5.7.0 to 5.7.3 contain a Cross Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary web scripts or HTML into the help and login pages. This attack appears to be exploitable via the victim opening a specially crafted URL. (CVSS:0.0) (Last Update:2018-07-09)

Application Denial of service Score: 3 / 4
2018-07-16
CERTFR-2018-AVI-320 Multiple vulnerabilities have been discovered in Google Android. Some of them allow an attacker to cause a security issue not specified by the vendor, remote arbitrary code execution and a remote denial of service.

Application Information Score: 1 / 4
2018-07-16
CERTFR-2018-AVI-304 Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security issue not specified by the vendor.

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000610 An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java and ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using the Configuration as Code Plugin. (CVSS:0.0) (Last Update:2018-06-26)

Application Denial of service Score: 2 / 4
2018-07-16
CERTFR-2018-AVI-319 Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause a security issue not specified by the vendor, a denial of service and a data confidentiality breach.

Application Remote execution Score: 3 / 4
2018-07-16
CERTFR-2018-AVI-303 Multiple vulnerabilities have been discovered in Fortinet products. They allow an attacker to cause a security policy bypass, a data confidentiality breach and remote cross-site scripting (XSS).

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000609 An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration. (CVSS:0.0) (Last Update:2018-06-26)

Application Denial of service Score: 2 / 4
2018-07-16
CERTFR-2018-AVI-318 Multiple vulnerabilities have been discovered in Citrix XenServer. They allow an attacker to cause a denial of service.

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1002150 Koji versions 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1. (CVSS:7.5) (Last Update:2018-05-18)

Application Local vulnerability Score: 1 / 4
2018-07-16
CVE-2018-1000608 An exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. a malicious extension) to retrieve the configured password. (CVSS:0.0) (Last Update:2018-07-03)

Application Denial of service Score: 2 / 4
2018-07-16
CERTFR-2018-AVI-317 Multiple vulnerabilities have been discovered in VMware products. They allow an attacker to cause a denial of service and a data confidentiality breach.

Application Data alteration Score: 1 / 4
2018-07-16
CVE-2018-1002100 In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. (CVSS:3.6) (Last Update:2018-07-03)

Application Data alteration Score: 1 / 4
2018-07-16
CVE-2018-1000607 An arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, limited only by the permissions of the user the Jenkins master process is running as. (CVSS:0.0) (Last Update:2018-06-26)

Application Denial of service Score: 2 / 4
2018-07-16
CERTFR-2018-AVI-316 Multiple vulnerabilities have been discovered in Xen. They allow an attacker to cause a denial of service and a data integrity breach.

Application Data alteration Score: 4 / 4
2018-07-16
CVE-2018-1000623 JFrog JFrog Artifactory versions from 4.0.0 up to but not including 6.0.3 contain a Directory Traversal vulnerability: the "Import Repository from Zip" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload) that can result in directory traversal / file overwrite and remote code execution. This attack appears to be exploitable by an attacker with Admin privileges, who may use the aforementioned UI endpoint and exploit the publicly known "Zip Slip" vulnerability to add/overwrite files outside the target directory. This vulnerability appears to have been fixed in 6.0.3. (CVSS:0.0) (Last Update:2018-07-09)

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000606 A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. (CVSS:0.0) (Last Update:2018-06-26)

Application Information Score: 1 / 4
2018-07-16
CERTFR-2018-AVI-315 A vulnerability has been discovered in HPE Integrated Lights-Out (iLO). It allows an attacker to cause a data integrity breach.

Application Local vulnerability Score: 1 / 4
2018-07-16
CVE-2018-1000622 The Rust Programming Language rustdoc versions between 0.8 and 1.27.0 contain a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appears to be exploitable when using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1. (CVSS:0.0) (Last Update:2018-07-09)

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000605 A man-in-the-middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java and CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to. (CVSS:0.0) (Last Update:2018-06-26)

Application Denial of service Score: 2 / 4
2018-07-16
CERTFR-2018-AVI-314 Multiple vulnerabilities have been discovered in Xen. They allow an attacker to cause a denial of service and a security policy bypass.

Application Information Score: 3 / 4
2018-07-16
CVE-2018-1000621 Mycroft AI mycroft-core version 18.2.8b and earlier contains an Incorrect Access Control vulnerability in the Websocket configuration that can result in code execution. This impacts ONLY the Mycroft for Linux and "non-enclosure" installs; Mark 1 and Picroft are unaffected. This attack appears to be exploitable via remote access to the unsecured websocket server. No fix is currently available. (CVSS:0.0) (Last Update:2018-07-09)

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000604 A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java and HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. (CVSS:0.0) (Last Update:2018-06-26)

Application Integrity compromise Score: 1 / 4
2018-07-16
CERTFR-2018-AVI-313 A vulnerability has been discovered in Apple SwiftNIO. It allows an attacker to cause a data confidentiality breach.

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000620 Eran Hammer cryptiles version 4.1.1 and earlier contains a CWE-331: Insufficient Entropy vulnerability in the randomDigits() method; as a result, an attacker is more likely to be able to brute force something that was supposed to be random. Exploitability depends upon the calling application. This vulnerability appears to have been fixed in 4.1.2. (CVSS:0.0) (Last Update:2018-07-09)

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000603 An exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in Boot

Application Integrity compromise Score: 1 / 4
2018-07-16
CERTFR-2018-AVI-312 A vulnerability has been discovered in the SUSE Linux kernel. It allows an attacker to cause a data confidentiality breach.

Application Information Score: 3 / 4
2018-07-16
CVE-2018-1000619 Ovidentia version 8.4.3 and earlier contains an Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in authenticated remote code execution. This attack appears to be exploitable by an attacker with permission to upload addons. (CVSS:0.0) (Last Update:2018-07-09)

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000602 A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. (CVSS:0.0) (Last Update:2018-06-26)

Application Privilege escalation Score: 3 / 4
2018-07-16
CERTFR-2018-AVI-311 Multiple vulnerabilities have been discovered in Magento. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a data integrity breach.

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000618 EOSIO/eos eos versions after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contain a stack overflow vulnerability in abi_serializer that can result in an attack on an eos network node. This attack appears to be exploitable via a network request. This vulnerability appears to have been fixed after commit cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d. (CVSS:0.0) (Last Update:2018-07-09)

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000601 An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system. (CVSS:0.0) (Last Update:2018-06-26)

Application Information Score: 1 / 4
2018-07-16
CERTFR-2018-AVI-310 Multiple vulnerabilities have been discovered in Google Chrome OS. They allow an attacker to cause a security issue not specified by the vendor and a privilege escalation.

Application Information Score: 3 / 4
2018-07-16
CVE-2018-1000617 Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier contains a Denial of Service vulnerability in the Forwarding module: an improper type cast in the Forwarding module allows remote attackers to cause a DoS (thread crash). This attack appears to be exploitable via network connectivity (remote attack). (CVSS:0.0) (Last Update:2018-07-12)

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000600 An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. (CVSS:0.0) (Last Update:2018-06-26)

Application Denial of service Score: 3 / 4
2018-07-16
CERTFR-2018-AVI-309 Multiple vulnerabilities have been discovered in Mozilla Firefox. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.

Application Information Score: 3 / 4
2018-07-16
CVE-2018-1000616 ONOS ONOS controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in onos/drivers/utilities/src/main/java/org/onosproject/drivers/utilities/XmlConfigParser.java loadxml(): an adversary can remotely launch XXE attacks on the ONOS controller via an OpenConfig Terminal Device. This attack appears to be exploitable via network connectivity. (CVSS:0.0) (Last Update:2018-07-09)

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000559 qutebrowser, from the version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449), contains a Cross Site Scripting (XSS) vulnerability in the history command / qute://history page: via injected JavaScript code, a website can steal the user's browsing history. This attack appears to be exploitable if the victim opens a page with a specially crafted attribute and then opens the qute://history site via the :history command. This vulnerability appears to have been fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week). (CVSS:0.0) (Last Update:2018-06-26)

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000558 OCS Inventory NG ocsreports versions 2.4 and 2.3.1 contain a SQL Injection vulnerability in web search that can result in an authenticated attacker gaining full access to data stored within the database. This attack appears to be exploitable by sending crafted requests, which makes it possible to gain database access. This vulnerability appears to have been fixed in 2.4.1. (CVSS:0.0) (Last Update:2018-06-26)

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000557 OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in the login form and search functionality that can result in an attacker executing arbitrary (JavaScript) code within a victim's browser. This attack appears to be exploitable if the victim opens a crafted link to the application. This vulnerability appears to have been fixed in ocsreports 2.4.1. (CVSS:0.0) (Last Update:2018-06-26)

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000556 WordPress version 4.8+ contains a Cross Site Scripting (XSS) vulnerability in plugins.php (core WordPress) on the delete function that can result in an attacker performing client-side attacks, ranging from stealing a cookie to code injection. This attack appears to be exploitable if an attacker crafts a URL with a payload and sends it to the user; the victim needs to open the link to be affected by the reflected XSS. (CVSS:0.0) (Last Update:2018-06-26)

Application Information Score: 1 / 4
2018-07-16
CVE-2018-1000554 Trovebox version <= 4.0.0-rc6 contains an unsafe password reset token generation vulnerability in the user component that can result in a password reset. This attack appears to be exploitable via an HTTP request. This vulnerability appears to have been fixed after commit 742b8ed. (CVSS:0.0) (Last Update:2018-06-26)

Application Integrity compromise Score: 1 / 4
2018-07-16
CERTFR-2018-AVI-342 A vulnerability has been discovered in the SUSE Linux kernel. It allows an attacker to cause a data confidentiality breach.

Application Denial of service Score: 3 / 4
2018-07-16
CERTFR-2018-AVI-341 Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause remote arbitrary code execution and a remote denial of service.

Application Denial of service Score: 3 / 4
2018-07-16
CERTFR-2018-AVI-340 Multiple vulnerabilities have been discovered in Siemens SCADA products. They allow an attacker to cause a remote denial of service.
